Cybersecurity M&A deal flow: List of 200 transactions in 2017 | CSO Online

The cybersecurity market is expected to ring up sales of $1 trillion cumulatively between 2017 and 2021.  In 2017, more than 200 cybersecurity startups received venture funding. With a flurry of new entrants looking to grab a slice of the spending, there’s an equal amount of market consolidation.
Over the past year, the cybersecurity market saw more than 200 mergers and acquisitions. The deal flow, tracked quarterly by the Cybersecurity Ventures M&A Report, has been compiled into an annual recap for CSO readers.


ICYMI | Identity Theft – The CPA Journal

Identity theft continues to be a serious issue for individuals and businesses. According to Javelin Research’s 2016 Identity Theft Study, $15 billion was stolen from 13.1 million individuals in 2015 (Al Pascual, Kyle Marchini, and Sarah Miller, “2016 Identity Fraud: Fraud Hits an Inflection Point,” Feb. 2, 2016). For businesses, data breaches can compromise customers, clients, and employees; furthermore, it has been estimated that 90% of data breaches impact small businesses (“Small Businesses: The Cost of a Data Breach is Higher than You Think,” First Data Market Corporation). In light of these statistics, it is essential for CPAs to address the financial and tax issues related to individual identity theft as well as compromised business data that can translate into identity theft for customers, clients, and employees.

Where Will The Cybersecurity Battle Lines Be Drawn In 2018?

Rich Campagna is the CEO of Bitglass. He previously served as senior director of product management at F5 Networks. Beneath everyday web traffic, there’s a fierce battle raging for the security of the Internet. On one side are the villains: cyber criminals ranging from thrill-seeking amateurs to nation states. On the other side are the cybersecurity professionals, including researchers and analysts, all of whom seek to protect data.


Hackers targeting Apple, Google app stores with malicious crypto apps

Hackers are targeting app stores from the likes of Apple and Google with malicious cryptocurrency apps to steal money and personal data, according to a study. Researchers at cybersecurity firm RiskIQ analyzed more than 18,000 apps to detect ones that are blacklisted by cybersecurity vendors. Their research found 661 blacklisted cryptocurrency apps across 20 app stores, including Apple’s App Store, Google Play and others.


PSD2 – the directive that will change banking as we know it

In short, PSD2 enables bank customers, both consumers and businesses, to use third-party providers to manage their finances. In the near future, you may be using Facebook or Google to pay your bills, make P2P transfers and analyse your spending, while still having your money safely placed in your current bank account. Banks, however, are obligated to provide these third-party providers access to their customers’ accounts through open APIs (application program interfaces). This will enable third parties to build financial services on top of banks’ data and infrastructure.


South Korea’s Cryptocurrency Crackdown Isn’t Stopping This Bitcoin Exchange’s Launch – WSJ

Cryptocurrency platform OKCoin is planning to launch a bitcoin exchange in South Korea as soon as next month, a move that comes as the country’s government is considering whether to shut down cryptocurrency exchanges altogether.
Beijing-based OKCoin, which previously ran one of the biggest bitcoin exchanges in China before the government there banned cryptocurrency exchanges on the mainland, now plans to branch out to South Korea, another Asian hot spot for crypto trading. It has launched an OKCoin Korea website and has accepted preorder registrations for more than 150,000 people since Friday. The exchange intends to make some 60 digital coins available for trading.


Japan a global leader in cryptocurrency investment | The Japan Times

Japan is the global leader in the market development of cryptocurrencies — a global buzzword recently — some of which have seen their values skyrocket over the past year.
As of Jan. 15, yen accounts for 56.2 percent of bitcoin, or BTC, the most popular cryptocurrency, according to Yen is followed by U.S. dollars at 28.4 percent, while all others account for 15.4 percent. Chinese yuan used to account for the largest until January 2017, but dropped after the state imposed strict restrictions on cryptocurrency trading.


Biotech M&A takes off as Sanofi and Celgene spend $20 billion

(Reuters) – Biotech deal activity exploded on Monday with French drugmaker Sanofi and U.S.-based Celgene spending a combined total of more than $20 billion to add new products for hemophilia and cancer to their medicine cabinets.

The acquisitions will fuel expectations for a busy year of mergers and acquisitions (M&A) as large drugmakers snap up promising assets from smaller rivals to help revive growth.

Sanofi agreed to buy U.S. hemophilia expert Bioverativ for $11.6 billion, its biggest deal for seven years, while Celgene is paying about $9 billion for the 90 percent of cancer specialist Juno Therapeutics it does not already own.

The two cash deals were agreed at prices of $105 and $87 per share respectively. Shares in Bioverativ leaped 63 percent in early U.S. trading and Juno jumped 27 percent, reflecting the offers, while Sanofi fell 4 percent. Celgene was little changed.

Other biotech stocks were driven higher by the takeover news, with rivals to Juno including Bluebird Bio, Sangamo Therapeutics and Cellectis each gaining around 10 percent.

“The signs are good for biotech deal activity in 2018,” said Chris Stirling, head of KPMG’s global life sciences practice.

Big companies are under pressure from declining sales of older treatments and many are struggling to find sufficient high-value replacements from within their own laboratories, making buying in products and know-how an attractive option.

“It takes a long time to introduce technology that makes a significant difference, and in the interim CEOs are looking at any way to get their hands on product where they believe they can make a decent return,” Stirling said. “They’ve got to be seen to be doing things, otherwise they really struggle to convince investors.”

Both Sanofi and Celgene had been seen as likely multibillion-dollar acquirers.


The French group, which faces mounting competition in its key diabetes unit, lost out on buying U.S. cancer firm Medivation to Pfizer in 2016, and also missed acquiring Swiss-based Actelion, which was bought by Johnson & Johnson last year.

Celgene, meanwhile, needs to dilute its reliance on cancer drug Revlimid. It had been widely tipped as a buyer for Juno, whose technology is at the cutting edge of cancer treatment.

Juno is one of several pioneers of a system to modify immune cells to fight tumors and its JCAR017 product is likely to reach the market in 2019, behind rival approved treatments from Novartis and Gilead.

Gilead only recently jumped into the space after acquiring Kite Pharma last year for $12 billion in one of the few standout deals during a relatively subdued year for biotech M&A.

Despite the late start, Celgene believes JCAR017 could have peak annual sales of $3 billion and it sees the acquisition being “incrementally additive” to net product sales in 2020. Following setbacks at Juno, Celgene is paying less than the $93 a share it stumped up for just under 10 percent of the company in 2015.

Sanofi expects Bioverativ, which was spun off from Biogen last year, can deliver commercial success despite rapid changes in the $10 billion hemophilia market posed by a novel drug from Roche and the potential of gene therapy to provide a one-time cure.

Those changes have spooked some investors but Sanofi is betting that the factor replacement therapies made by Bioverativ will remain the standard of care for many years and it expects the deal to boost earnings immediately.

Monday’s two big acquisitions build on an already busy start for 2018 biotech M&A, with Celgene earlier agreeing to acquire privately-held Impact Biomedicines for as much as $7 billion, including $1.1 billion upfront, and Novo Nordisk bidding $3.1 billion for Belgium’s Ablynx.

Separate reports this month by consultancy EY and law firm Baker McKenzie both predicted a significant rise in life sciences M&A in 2018, helped by U.S. tax changes that may lift big companies’ appetite for deals.

Lazard advised Sanofi on its deal, while Guggenheim Securities and J.P. Morgan worked for Bioverativ. J.P. Morgan also worked for Celgene and Morgan Stanley for Juno.

Additional reporting by Tamara Mathias, Matthias Blamont and Shubham Kalia; Editing by Edmund Blair and Alexander Smith

Source: Biotech M&A takes off as Sanofi and Celgene spend $20 billion


Nations Seek the Elusive Cure for Cyberattacks

Efforts to establish “norms of behavior” got a promising start, but are now falling apart. No one can even agree on when an act of aggression in cyberspace amounts to an act of war. The Pentagon, in its first nuclear strategy review since President Trump took office, is even proposing to use the threat of unleashing nuclear weapons against a country or group that delivered a devastating cyberattack against the critical infrastructure of the United States or its allies. But that doesn’t help with the problem of everyday attacks.

The most talented state sponsors of attacks — mostly Russia, China, Iran and North Korea — have carefully calibrated their operations in cyberspace to achieve their strategic aims while avoiding a real shooting war. So far they have succeeded. While there have been indictments of Iranian and Chinese hackers in major strikes on the United States, they have never seen the inside of an American courtroom.

North Korea has been a case study in how a nation learns to make use of its cyberweapons for disruption, revenge or profit, without fear of serious retaliation. It has learned how to station hackers around the world — in China, Malaysia, Thailand and elsewhere — and has gotten away with bolder and bolder attacks, from WannaCry to its raid on Bangladesh’s central bank, which nearly resulted in the theft of a billion dollars. (The transfers were halted after $81 million had passed through the Swift system, the international clearinghouse for transactions, after someone at the New York Fed discovered a spelling error — the word “fandation” for “foundation” — and stopped the heist.)

As James Lewis of the Center for Strategic and International Studies put it recently, “North Korea is both cautious and cunning in its use of force, including cyberattack.” But he added: “The North has been successful only against poorly protected targets, of which there are many, suggesting that there is a relatively low ceiling for its cyberattack capabilities.”

In fact, the explosion of state-sponsored, sophisticated cyberattacks over the past seven or eight years has been fueled, in large part, by the expansion of poorly protected targets. Yes, banks and major utilities have, for the most part, tightened their defenses, and tens of billions of dollars have been made by companies promising all kinds of cyber protections, from the most basic programs loaded on your laptop to sophisticated systems designed to anticipate future action, or watch for variations in the normal behavior of users.

But none of that has prevented cyberspace from becoming what President Barack Obama termed the “Wild, Wild West,” a territory of anarchy, where adversaries take free shots at one another. In the past five years, these attacks have become the cheapest way for nations to undercut one another in the name of bigger strategic goals.

Yet the world has been unable to decide what constitutes fair game, and what should be off limits. For years officials talked about their fear of a “cyber Pearl Harbor,” a devastating strike against the power grid that would turn out the lights from Boston to Washington, or London to Rome. That has not happened, save for limited strikes in Ukraine, widely attributed to Russian hackers, that seemed intended to send a message that they could attack critical infrastructure at any time. Countries have sensed what would happen if they went too far.

Instead, cyberattacks have taken a far more subtle turn. The Russian-led attacks on the 2016 American election — and similar efforts in France and Germany last year — are prime examples. While United Nations experts had been struggling to come up with “norms of behavior” in cyberspace, a consensus about what was off-limits — like attacks on power grids or safety systems, for example — few were thinking about the use of the technology to influence elections.

In fact, the election systems in the United States — the foundation of American democracy — were never on the list of “critical infrastructure” until Mr. Obama’s Homeland Security secretary, Jeh Johnson, added them in the last days of the administration. By then it was too late.

Infrastructure is only part of the problem. The evidence that has poured out of the United States after more than a year of congressional investigations has left no doubt that Russian hackers — working largely on behalf of two of Moscow’s spy services, the SVR and the GRU — did far more than use cyber tools to break into the Democratic National Committee and the accounts of key players in Hillary Clinton’s campaign.

The sophisticated use of “bots” to target key demographic groups with Twitter messages, Facebook ads and just ordinary-looking social media exchanges made it clear that we have entered a new world, in which states marry some of the oldest propaganda techniques with the newest ways to disseminate a divisive message.

Yet thinking about how to regulate that kind of activity is tying the West in knots. President Emmanuel Macron in France is proposing that government authorities be able to take down “fake news” during elections, declaring in his New Year’s speech that “if we want to protect liberal democracies, we must be strong and have clear rules.”

Yet those rules clearly could not survive in the United States, where First Amendment protections would prohibit the government from stepping in and declaring what is fake and what is not.

President Trump’s own declarations about what constitutes “fake news” — including articles about the Russian election activity — underscore the dangers of putting that power into government hands.

There are other complications. After the election hacks in the United States, many called for “real identities” on the internet, so the world would know exactly who is tweeting or posting. Sensible as it may sound, it would also be a boon to the Russians, the Chinese and any authoritarian government looking to crack down on dissent. In short, the best way to solve the problem of election meddling and anonymous attacks would be a dictator’s dream.

There have been a few successes in setting norms of behavior, particularly when it comes to banning child pornography or cracking down on intellectual property theft. But those are the easiest issues on which to agree.

The United States, for example, would never support rules that banned espionage. And what about rules prohibiting the placement of “implants” in foreign computer networks, so that in the future they could monitor activity or plant malware to bring a network down?

American and European officials raise the alarm whenever they find such implants in their electrical grids. But they also quietly place them in hundreds of thousands of foreign networks. That is how Presidents Bush and Obama got inside Iran’s nuclear enrichment site at Natanz, with the Stuxnet code.

It is a power that the United States and its allies have no intention of giving up.

Source: Nations Seek the Elusive Cure for Cyberattacks


Behavioral biometrics missing from cybersecurity

Recently, there’s been an uptick in the adoption of the NIST Cybersecurity Framework, a set of guidelines aimed at helping organizations improve their overall cybersecurity process. In December 2017, NIST released the second draft of its framework. Among the updates were two critical additions to the Identity Management, Authentication and Access Control guidance.

These updates address the disturbing reality that our digital identities are surprisingly unsecure. More than 9 billion credentials have been stolen since 2013, giving cyber criminals an abundance of personally identifiable information to use to commit fraud, from account takeover attacks, to fraudulent credit applications and more. By combining NIST Framework guidelines with behavioral biometric identity proofing and authentication solutions, organizations can fight back against these shocking statistics to detect and prevent fraud.

What is the NIST Framework?

The NIST Cybersecurity Framework is a set of guidelines collaboratively formulated to give companies a starting place for evaluating, preventing and responding to cyber risk. Thirty percent of U.S. organizations use the NIST framework, including JPMorgan Chase, Merck & Co, Kaiser Permanente and Chevron Corporation. The NIST Framework focuses on five areas for reducing cyber risk: identify, protect, detect, respond, recover.

Rather than being shocked by each new data breach, ransomware attack or instance of fraud, companies are increasingly working to improve their cybersecurity posture, and not just internal information security professionals. Business leaders and C-suite-level executives are waking up to the importance of putting resources behind their organization’s cybersecurity, from the insurance industry to financial institutions. Companies are finding the NIST Framework’s guidance particularly helpful in a time when cyberattacks are costly and growing at an alarming rate. Every 39 seconds, there is an attack on a computer with internet access and cyberattacks are priced at an estimated $400 billion globally per year.

Meeting NIST Framework Identity Management and Authentication Guidelines with behavioral biometrics

Behavioral biometrics are specifically designed to address the identity management and authentication guidance added under the “protect” section of the NIST Framework’s second draft. Using behavioral biometrics, organizations can employ advanced identity proofing and authentication technology to detect fraud and prevent unauthorized access.

Identity proofing with behavioral biometrics

The NIST Framework recommends that “identities are proofed and bound to credentials and asserted in interactions when appropriate.” Identity proofing is a process organizations use to collect and verify information about a person for the purpose of an account opening or issuing credentials to that person. Most often, identity proofing is used to meet regulatory requirements and prevent fraud.

Typically, companies rely on database searches to verify user information entered into online applications. These traditional identity proofing methods are no longer sufficient, however, as the information required to open new accounts is readily accessible to cybercriminals due to large-scale data breaches. In fact, one in nine of all online accounts created in 2017 was fraudulent.

Behavioral biometrics fulfill NIST Framework guidance for identity proofing by monitoring how users behave when filling out online applications, not just whether the correct information is entered. Working in the background, behavioral biometrics verify that online applications are being filled out by genuine users, not fraudsters, by testing for application fluency, navigational fluency and low data familiarity.

For example, fraudsters often use keyboard shortcuts and enter unfamiliar data in a way not exhibited by legitimate users. Based on these parameters, organizations can effectively verify user identity, in real-time, and experience less fraud.

Risk-based, multi-factor authentication and behavioral biometrics

The second update to the NIST Framework that behavioral biometrics can address relates to risk-based, multi-factor authentication. Specifically, the NIST Framework recommends that “users, devices, and other assets are authenticated (e.g., single-factor, multifactor) commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks).”

Behavioral biometrics go a step further and meet these requirements by providing continuous authentication, not just single or multi-factor authentication. Rather than requiring users to provide a static identifier, like a password or fingerprint, behavioral biometrics monitor user behavior from login to logout to detect suspicious activity throughout a user session, not just at login. This is important because 100 percent of fraud occurs in authenticated sessions, clear evidence that traditional authentication methods are still failing to catch cybercriminals.

Even multi-factor authentication has already proven vulnerable to attack. Working behind the scenes, behavioral biometrics collect data on user interactions with a device, establishing a unique identity profile that can’t be duplicated. How one user moves their mouse, for example, can’t be recreated by a cybercriminal or remote access trojan. This entire authentication process takes place without the user knowing — a win for customer experience.

When needed, behavioral biometrics can also introduce additional authentication measures if suspicious activity is detected. This could be a prompt to enter a password or use another biometric like a fingerprint or facial scan. This type of multi-factor authentication is significantly more secure than knowledge-based security.

Using behavioral biometrics, organizations can meet and exceed NIST Framework guidelines around authentication to better secure users, online transactions and the business as a whole.

The NIST Framework is an excellent place for organizations to begin improving and updating their cybersecurity process. In June 2017, NIST also released Special Publication (SP) 800-63, a document outlining Guidelines on Digital Identity. The document replaced outdated authentication and identity proofing recommendations with new ones, meant to align with the types of cyber threats organizations are facing today. This includes providing adequate identity proofing and authentication solutions to prevent unauthorized access, activities and transactions.

Advanced technology solutions, like behavioral biometrics, are helping organizations put NIST Framework recommendations into practice. When it comes to preventing fraud, account takeover, malware or other cyberattacks, behavioral biometrics provide the best option for ensuring users are who they claim to be.

Frances Zelazny is vice president of BioCatch, a cybersecurity company that delivers behavioral biometrics to protect users and data. She provided testimony last year to the New York State Assembly’s banking committee on cybersecurity threats facing the U.S. financial industry.

Source: Behavioral biometrics missing from cybersecurity